---------- Forwarded message ----------
From: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
Date: Feb 27, 2015 8:42 AM
Subject: [Bloat] Packet loss in FCC press release
To: "David Farber" <farber@gmail.com>
Cc:

Dave - FYI. Lars is chair of the Internet Research Task Force (IRTF).

On 2/27/15, 5:49 AM, "Eggert, Lars" <lars@netapp.com> wrote:

>Hi,
>
>did anyone notice the second sentence in paragraph below from the FCC's
>press release at
>http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0226/DOC-332260A1.pdf
>
>> In addition to the existing transparency rule, which was not struck
>> down by the court, the Order requires that broadband providers disclose,
>> in a consistent format, promotional rates, fees and surcharges and data
>> caps. Disclosures must also include packet loss as a measure of network
>> performance, and provide notice of network management practices that can
>> affect service.
>
>"Packet loss as a measure of network performance" being the only such
>measure explicitly called out doesn't leave me with the warm fuzzy
>feeling that the folks the factors affecting QoE over IP networks. ISPs
>are being incentivized to optimize for reduced packet loss, and we know
>how that goes.
>
>Lars
From: Larry Sheldon <larrysheldon@cox.net>
Date: Fri, Feb 27, 2015 at 9:05 AM
Subject: Verizon Policy Statement on Net Neutrality
To: "nanog@nanog.org" <nanog@nanog.org>

I do strongly believe in getting concrete data to the consumer. I'm a reporter and haven't been able to get most of the data from the companies.

Would any of you care to speculate on what would be appropriate and reasonable to disclose? I believe answers would interest the list.

If you don't want to answer publicly, I'd welcome an answer by email that I will keep off the record.

My opinion on one. I believe the disclosure on congestion and/or network management should take the form of average time per month it's applied and how much speed is reduced. Or something similar.

Otherwise, carriers will say "Sometimes we manage traffic," usually in many more words. That leaves the consumer no way to know whether the effect is substantial or modest and reasonable. It's totally meaningless.

Incidentally, I believe one of the most reasonable management policies is Jason's Comcast. I was once told that they apply shaping to the average customer less than an hour per month and reduce speed by no more than a third. With 15+ megabit service to most customers, that allows two HD channels.

Modestly slowing down the heaviest users, only in limited actual peaks, seems fair to me. Most high use is moving large files which can still get through ok at 30% slower speeds for short periods. We move a lot of traffic because Jennie does video professionally.

On the other hand, slowing customers down by an unspecified amount for an unspecified part of the time I think unfair.

“None of the claims of what comsec works is to be taken saltless: Tor, OTR, ZTRP are lures.” —Cryptome [3], Dec. 30, 2014

In the aftermath of Edward Snowden's disclosures, the American public has been deluged with talking points that advocate strong encryption as a universal solution for protecting our privacy. Unfortunately the perception of strong encryption as a panacea is flawed. In this report I’ll explain why strong encryption isn’t enough and then present some operational guidelines which can be used to enhance your online privacy. Nothing worthwhile is easy. Especially sidestepping the Internet’s global Eye of Providence.

Anyone who reads through privacy recommendations published by the Intercept [4] or the Freedom of the Press Foundation [5] will encounter the same basic lecture. In a nutshell they advise users to rely on open source encryption software, run it from a CD-bootable copy of the TAILS operating system, and route their Internet traffic through the TOR anonymity network.

This canned formula now has a degree of official support from, of all places, the White House. A few days ago during an interview with Re/Code, President Obama assured [6] listeners that “there’s no scenario in which we don’t want really strong encryption.” It’s interesting to note how this is in stark contrast to public admonishments [7] by FBI director James Comey this past October for key escrow encryption, which is anything but strong.

So it would appear that POTUS is now toeing a line advocated by none other than whistleblower Snowden who asserted [8] that “properly implemented strong crypto systems are one of the few things that you can rely on.”

Only there’s a problem with this narrative and its promise of salvation: When your threat profile entails a funded outfit like the NSA, cyber security is largely a placebo.

Down To the Metal

A report [9] released by Moscow-based anti-virus vendor Kaspersky Lab proves that, despite the self-congratulatory public relations messaging of Google or Apple, strong encryption might not be the trendy cure-all it’s cracked up to be. The NSA has poured vast resources into hacking hardware platforms across the board, creating firmware modifications [10] that allow [11] U.S. spies to “capture a machine’s encryption password, store it in ‘an invisible area inside the computer’s hard drive’ and unscramble a machine’s contents.”

On a side note, Kaspersky Lab is one of two companies authorized [12] by Russian security service to provide anti-virus technology to the Russian government. The company’s founder, Eugene Kaspersky, a former [13] Soviet intelligence officer himself, has links to the Russian Federal Security Service, or FSB. So it makes sense that the one company with the audacity and skill to publicly showcase a global espionage program by the NSA would also be a company aligned with a countervailing power center outside of the United States.

Anyway, when it comes to bare-metal skullduggery there are plenty [14] of proof-of-concept [15] examples available in the public domain. But these experiments are nothing compared to the slick production-level malware deployed by NSA spies. When the Pentagon aims for information dominance [16] it doesn't screw around. Hence blind trust in encryption software is exposed as a sort of magical thinking.

Some people would argue that the NSA’s hardware hacks aren’t a big deal because they’re used selectively for targeted intrusions. One problem with this stance is that spy gear has a habit of filtering down into the underworld because spies and crooks are kindred spirits who often work together. Another problem is that the NSA is actively working to industrialize [17] attacks so that they can be pulled off on a mass scale against large swathes [18] of users. The recent discovery of pre-installed malware [19] on Lenovo PCs should offer an unsettling hint [20] of where spies and their front companies are taking things.

Face it, an intelligence agency that makes off [21] with the encryption keys from a large multinational company that manufactures billions of SIM cards each year is an agency that’s doing much more than just small-scale targeted hardware attacks. They want to “collect it all.”

OPSEC Is Law

“Iraqi Assault to Retake Mosul from Islamic State Is Planned for Spring” —New York Times headline, Feb. 20, 2015

Given the sorry state of software engineering and the sheer scope of clandestine subversion programs, if spies want to root your machine they’ll probably find a way. The Internet is akin to a vast swamp in the Deep South. Users wade through a hostile murky environment surrounded by alligators prowling silently just below the surface.

And don’t think that tools like Tor [22] will protect you. The FBI has demonstrated repeatedly that it can unmask [23] Tor users with exploits. The FBI’s collection of cyber scalps includes [24] a high-ranking cyber security director who probably thought his game was tight. The litany of Tor’s failures has led security researchers to conclude [25] that, “Tor makes you stick out as much as a transgender Mongolian in the desert.”

Hence when going toe-to-toe with spies from the NSA’s Office of Tailored Access Operations [26] or, heaven forbid, its more daunting CIA brethren [27] in the Special Collection Service [28], operational security (OPSEC) becomes essential. This isn’t cynical “privacy nihilism” but rather clear-headed contingency planning. Once the NSA owns a computer the only thing that stands between the user and spies is OPSEC. It takes groundwork, patience and (most of all) discipline. Even the professionals get this wrong. And when they do the results can be disastrous.

For a graphic illustration of this contemplate the case of Ross Ulbricht, the creator of Silk Road. The celebrated Tor anonymity network did very little [29] to stop the feds from getting a bead on him. To make matters worse you’d think Ulbricht would know better [30] than to work with his back to the room so the feds could sneak up on him before he could log off, leaving his encrypted laptop in a decidedly vulnerable state.

It didn’t help that the Silk Road’s servers were configured to auto-login certain client machines and that Ulbricht’s laptop just happened to be connected to the Silk Road servers as a full administrator. Ditto that for Bitcoin wallets on the aforementioned laptop which allowed law enforcement agents to trace [31] over $13 million in Bitcoins to Ulbricht.

In our internet age, with its abundance of downloadable audio and mobile media delivery systems, we’ve grown thoroughly accustomed to the idea of the audio book. But 40 years ago, in the age of twelve-inch vinyl discs that could barely hold 45 minutes of content, the fully realized concept must have seemed more like something we would thrill to Bradbury himself writing about, or Nimoy himself using on television. But the visionaries in this case worked at the record label Caedmon, “a pioneer in the audiobook business,” according to the Internet Archive <https://archive.org/details/01TheVeldt>, “the first company to sell spoken word recordings to the public,” and “the ‘seed’ of the audiobook industry.” They grew famous putting out recordings of literary luminaries reading their own work: Dylan Thomas reading Dylan Thomas, T.S. Eliot reading T.S. Eliot, Gertrude Stein reading Gertrude Stein. But to my mind — or to my ear, anyway — the best of it happened at the intersections, like this one, of an era-defining author, and a different era-defining reader.

In Brian Eno’s *A Year with Swollen Appendices*, <http://amzn.to/1LNTtxz> one of my very favorite books, the well-known rock producer, visual artist, and “non-musician” musician writes out all the things he is <http://timorich.tumblr.com/post/95756946656/brian-enos-self-description-list-from-the>, including “mammal,” “celebrity,” “wine-lover,” “non-driver,” “pragmatist,” and “drifting clarifier.” The list gives us a kind of overview of the man’s many facets, as well as of the many facets we all have, but it doesn’t mention one of his most important roles: that of a singer.

Even within the realm of music, you might not immediately associate Eno (who there made his name spouting synthesized sounds into Roxy Music’s early records, creatively shaking up big acts like David Bowie and U2, and pretty much inventing the wordless ambient genre) with singing. But of course he’s done it since his earliest solo albums and continues to do it on relatively recent ones, and you can hear samples of both here in this post.

“I believe in singing,” says Eno. “I believe in singing together.” He expounds upon this belief in an NPR segment called “Singing: The Key to a Long Life.” <http://www.npr.org/templates/story/story.php?storyId=97320958> He also credits the practice with the ability to ensure “a good figure, a stable temperament, increased intelligence, new friends, super self-confidence, heightened sexual attractiveness and a better sense of humor.” It offers the chance to “use your lungs in a way that you probably don’t for the rest of your day, breathing deeply and openly,” to experience “a sense of levity and contentedness,” and to “learn how to subsume yourself into a group consciousness.”

Beyond simply, er, singing the praises of singing, Eno also explains just how he goes about his own practice, regularly bringing together not just friends willing to sing, but “some drinks, some snacks, some sheets of lyrics and a strict starting time” — all centered around a carefully curated selection of songs. Years of this have convinced Eno of singing’s importance to our very civilization, to the point that, as he says, “if I were asked to redesign the British educational system, I would start by insisting that group singing become a central part of the daily routine. I believe it builds character and, more than anything else, encourages a taste for co-operation with others.” And it would certainly encourage whichever student turns out to be the next, well, Brian Eno.

Can’t Help Falling In Love
Love Me Tender
Keep On the Sunny Side
Sixteen Tons
Will the Circle Be Unbroken
Dream
If I Had a Hammer
Love Hurts
I’ll Fly Away
Down By the Riverside
Chapel of Love
Wild Mountain Thyme
Que Sera, Sera
Cotton Fields

For IP, I apologize for yet another rant on this topic, but the author of the Forbes article seems to think the problematic packet loss requirement is an anomaly.

The FCC has *no* *zero* *nadda* technical expertise. The new Internet "referee" consists of 2000 lawyers working out of offices in SW Washington, DC.

As another example, I have worked for the last 12 months to discourage the FCC from imposing quarterly call answer rate reporting obligations on every network in the country (including Skype et al).

The data collection arose to address call completion complaints, but it amounts to an enforcement of speed limits by having everyone with a driver's license report their driving habits on a quarterly basis.

It is a self-evidently dangerous and idiotic distraction from work toward actually improving call completion rates.

---------- Forwarded message ----------
From: *Karl Auerbach* <karl@cavebear.com>
Date: Saturday, February 28, 2015
Subject: Re This One Clause In The New Net Neutrality Regs Would Be A Fiasco For The Internet - Forbes
To: dave@farber.net

> From: "Daniel Berninger" <dan.berninger@gmail.com>
> Subject: Re: [IP] This One Clause In The New Net Neutrality Regs Would

> For IP, I apologize for yet another rant on this topic, but the author
> of the Forbes article seems to think the problematic packet loss
> requirement is an anomaly.

Whether or not it is an anomaly it is quite clear that consumers can not make rational choices about network providers without some sort of characterization of the service they will be able to obtain. This characterization would be best if it were quantitative rather than descriptive.

This description needs to describe not only the last-hop of an edge provider that is attached to a customer but also the cross-span characteristics, and maybe even enumerate its connections (and the quality and nature of those connections) to other providers. (I'm sure that that last aspect would cause an uproar among providers, but that kind of information is needed for consumers to make rational evaluations.)

The kind of descriptions needed are complex. Bandwidth alone is simply inadequate - and also quite ambiguous. For instance, what bits are being counted? Do Ethernet header bits or CRC bits count? Or is it like iperf in which only UDP or TCP transport data bits are counted?

Is the bandwidth sensitive to packet sizes or packet bursts?

How much other traffic is sharing the link? Are there broadcasts from other users, and can other users hear my broadcasts?

And thinking of packet sizes - an important number is the MTU; without an MTU users won't really have the information they need to avoid IP fragments or, if possible, to use more efficient larger frames (subject to full path MTU constraints.)

A very important number is delay, and perhaps even more important for many uses is the variation of that delay (i.e. jitter). A consumer that does a lot of VoIP may well prefer to use a low jitter provider over a higher-bandwidth provider that has more jitter.

Users also need numbers that define dynamics of the paths offered by a provider: The amount of buffering (and whether it is in bytes or packets), the queue drop strategies when buffering runs low, the rate of packet drop, packet duplication, packet mis-ordering - and a description of how those behaviors form bursts.

What we need for network is something akin to the familiar labels that are put on most food products that list caloric content, sugars, salts, etc etc.

This will not be trivial to develop, but right now we have almost nothing.

--karl

Don't judge my amateur work too harshly. Just wanted to organize the definitions for the average user like me.

I realize that terrorism is scary and I certainly hope that the US doesn't suffer any more attacks from Islamic extremists any time soon.

But this is the kind of thing that really scares the hell out of me and it's all too common in America:

After giving her 15-year-old daughter a driving lesson in the parking lot of a Las Vegas middle school last Thursday night, Tammy Meyers nearly hit another car on their drive home. That car apparently followed them home, police say, where one passenger opened fire, hitting Meyers in the head. Meyers, 44, died at University Medical Center Saturday after her family took her off life support.

According to the Las Vegas Review-Journal, after avoiding the wreck with the other vehicle, Meyers pulled over, and got into an argument with the three people reportedly in the second car; one apparently threatened her.

The car allegedly followed the Meyers' home, and after the mother and daughter pulled in front of their house, opened fire. Tammy's husband, Robert, told the Associated Press that after hearing gunshots, the couple's adult son ran out of the house with a handgun, firing several shots. ABC News reports the daughter had run inside before the shooting started.

We live in a shooting gallery in this country. The bullet of a random armed asshole angry about a fender bender is far more likely to kill us than a terrorist:

Regardless of which performance measures are the right ones (and certainly multiple ones should be required as no single metric can describe the full customer experience), I think the key thing here is the disclosure of such information. It seems to be the first time in a long time that the FCC *increased* reporting vs. the almost constant removal of reported information that has happened over the past decade+.

Online API and platform services (like AWS, Twitter, Twilio, etc) have developed very good reporting infrastructure over the past few years. Take for example both https://dev.twitter.com/overview/status and http://status.aws.amazon.com and also https://codeascraft.com/2015/02/09/q4-2014-site-performance-report/. There are many other examples. These tools are *automated* and respected by the companies that publish their data, which means that they are real-time and accurate (within reason) and can be trusted to demonstrate adherence to delivery promises and 3rd party developer expectations. They also provide public pressure on a company to actually fix issues and invest in real performance gains.

Whatever metrics are decided upon, this sort of transparency is what we should expect from internet access providers. Yes, software developers are ahead of the curve on this stuff, but IAPs all have loads of internal service performance data (at least I hope so, or else network engineers are operating blind) and there's no reason why some of this shouldn't be published publicly.

I do strongly believe in getting concrete data to the consumer. I'm a reporter and haven't been able to get most of the data from the companies.

Would any of you care to speculate on what would be appropriate and reasonable to disclose? I believe answers would interest the list.

If you don't want to answer publicly, I'd welcome an answer by email that I will keep off the record.

My opinion on one. I believe the disclosure on congestion and/or network management should take the form of average time per month it's applied and how much speed is reduced. Or something similar.

Otherwise, carriers will say "Sometimes we manage traffic," usually in many more words. That leaves the consumer no way to know whether the effect is substantial or modest and reasonable. It's totally meaningless.

Incidentally, I believe one of the most reasonable management policies is Jason's Comcast. I was once told that they apply shaping to the average customer less than an hour per month and reduce speed by no more than a third. With 15+ megabit service to most customers, that allows two HD channels.

Modestly slowing down the heaviest users, only in limited actual peaks, seems fair to me. Most high use is moving large files which can still get through ok at 30% slower speeds for short periods. We move a lot of traffic because Jennie does video professionally.

On the other hand, slowing customers down by an unspecified amount for an unspecified part of the time I think unfair.

When Google’s Eric Schmidt <http://topics.wsj.com/person/S/Eric-Schmidt/177> called White House officials a few weeks ago to oppose President Obama’s demand that the Internet be regulated as a utility, they told him to buzz off. The chairman of the company that led lobbying for “net neutrality” learned the Obama plan made in its name instead micromanages the Internet.

Mr. Schmidt is not the only liberal mugged by the reality of Obamanet, approved on party lines last week by the Federal Communications Commission. The 300-plus pages of regulations remain secret, but as details leak out, liberals have joined the opposition to ending the Internet as we know it.

The Progressive Policy Institute said: “There is nothing progressive about the FCC backsliding to common carrier rules dating back to the 1930s.” The Internet Society, a net-neutrality advocate, said: “We are concerned with the FCC’s decision to base new rules for the modern Internet on decades-old telephone regulations designed for a very different technological era.” Former Clinton official Larry Irving wrote in the Hill: “Most of today’s proponents of a utility model for the Internet either have forgotten or never knew the genesis of the ‘regulatory restraint’ model that helped spur and continues to support Internet expansion.”

Verizon <http://quotes.wsj.com/VZ> poked fun at the FCC’s retrograde move by issuing a news release in Morse code and in an old-fashioned typewriter font, dated “February 26, 1934,” the year Congress passed the Communications Act to regulate the telephone monopoly—the law the FCC is now applying to the Internet.

The Electronic Frontier Foundation, which supports applying the 1934 law to the Internet, nonetheless objects to a new regulation giving the FCC open-ended power to regulate the Internet. “A ‘general conduct rule,’ applied on a case-by-case basis,” the EFF wrote, “may lead to years of expensive litigation to determine the meaning of ‘harm’ (for those who can afford to engage in it).”

The general-conduct rule reportedly has seven standards, one of which is the “effect on free expression.” Net neutrality was supposed to ban online discrimination based on content. Instead, it is empowering the FCC—the agency that for decades enforced the “Fairness Doctrine” and that last year proposed studying “bias” in newsrooms—to chill speech.

FCC Chairman Tom Wheeler justified Obamanet by saying the Internet is “simply too important to be left without rules and without a referee.” He got it backward: Light-handed regulation made today’s Internet possible.

What if at the beginning of the Web, Washington had opted for Obamanet instead of the open Internet? Yellow Pages publishers could have invoked “harm” and “unjust and unreasonable” competition from online telephone directories. This could have strangled Alta Vista and Excite, the early leaders in search, and relegated Google to a Stanford student project. Newspapers could have lobbied against Craigslist for depriving them of classified advertising. Encyclopedia Britannica could have lobbied against Wikipedia.

Competitors could have objected to the “fast lane” that Amazon got from Sprint <http://quotes.wsj.com/S> at the launch of the Kindle to ensure speedy e-book downloads. The FCC could have blocked Apple from integrating Internet access into the iPhone. Activists could have objected to AOL <http://quotes.wsj.com/AOL> bundling access to The Wall Street Journal in its early dial-up service.

Among the first targets of the FCC’s “unjust and unreasonable” test are mobile-phone contracts that offer unlimited video or music. Netflix <http://quotes.wsj.com/NFLX>, the biggest lobbyist for utility regulation, could be regulated for how it uses encryption to deliver its content.

Until Congress or the courts block Obamanet, expect less innovation. During a TechFreedom conference last week, dissenting FCC commissioner Ajit Pai asked: “If you were an entrepreneur trying to make a splash in a marketplace that’s already competitive, how are you going to differentiate yourself if you have to build into your equation whether or not regulatory permission is going to be forthcoming from the FCC? According to this, permissionless innovation is a thing of the past.”

The other dissenting Republican commissioner, Michael O’Rielly, warned: “When you see this document, it’s worse than you imagine.” The FCC has no estimate on when it will make the rules public.

The silver lining is a valuable lesson for Silicon Valley executives who thought it was safe to lobby for net neutrality, but instead got Obamanet: The only place on the Internet for Washington regulators is at arm’s length.

<TaxPayerRant>Yet another program announced with a scant two weeks' notice for interested parties to get themselves to the proposers day... greatly favors the usual Beltway bandit suspects...</TaxPayerRant>

BACKGROUND

Privacy is critical to a free society. As Louis Brandeis expounded in 1890, the right to privacy is a consequence of understanding that harm comes in more ways than just the physical. He was reacting to the ability of the new “instantaneous camera” to record personal information in new ways. Since then, the ability of technology to collect and share information has grown beyond all expectation, and what we’ve discovered as a society is that this is both a good and a bad thing.

The ability to analyze large amounts of aggregated personal data can help businesses optimize online commerce, medical workers address public health issues, and governments interrupt terrorist activities. However, numerous recent incidents involving the disclosure of data have heightened society’s awareness of the vulnerability of private information within cyberspace. Moreover, there is so much data that it is currently infeasible for individuals or enterprises to control it in a meaningful way with the information technologies available today. The White House has made cybersecurity a priority and has launched numerous initiatives to enable the safe and effective sharing of information to increase the nation’s ability to protect itself and to thwart any adversary’s ability to shut down our networks, steal trade secrets or invade the privacy of Americans.

The Brandeis program seeks to develop the technical means to protect the private and proprietary information of individuals and enterprises.

PURPOSE

The purpose of the Brandeis Proposers’ Day is threefold: To familiarize participants with DARPA’s interest in the area of revolutionary advances in privacy science or systems; To identify potential proposers and promote understanding of the anticipated Brandeis BAA proposal requirements; and To provide an opportunity for potential proposers to submit questions to DARPA and receive answers....

---------- Forwarded message ----------
From: *Ellen Ullman* <ullman@well.com>
Date: Monday, March 2, 2015
Subject: Lenovo and Superfish
To: dave <dave@farber.net>

Microsoft and Lenovo, working together, wrote a removal tool that (supposedly) removes Superfish and all its traces. The source is available for examination.

I have a Lenovo with Superfish. Are there any IPers who believe the removal tool really works? Given the fact that I trust Lenovo not at all, I am reluctant to run any additional software they are providing.

dave@farber.net 2015-03-02T13:42:13-05:00

Letter to Senate Select Committee on Intelligence regarding CISA | Center for Democracy & Technology
http://www.listbox.com/member/archive/247/2015/20150302172526:03EA5012-C12B-11E4-B0EC-8F87DC1FB3AD/
https://cdt.org/insight/letter-to-senate-select-cmte-on-cisa/

dave@farber.net 2015-03-02T17:25:30-05:00

Fwd: Re:Lenovo and Superfish
http://www.listbox.com/member/archive/247/2015/20150302173042:C09098C0-C12B-11E4-B9B8-965C4B0F68C8/

From: "Tom Goltz" <tgoltz@quietsoftware.com>
Date: Mar 2, 2015 4:29 PM
Subject: Re: [IP] Lenovo and Superfish
To: "Ellen Ullman" <ullman@well.com>
Cc: <dave@farber.net>

I don't "trust" corporations either, but they are generally run by very rational people. Lenovo has been caught doing something incredibly stupid and very publicly shamed for it. If the removal tool did something nefarious and it became public knowledge, it would utterly destroy Lenovo sales in the United States, and I think Lenovo's management is very much aware of this. I would be hugely shocked if the Superfish removal tool does anything other than advertised.

I also have great confidence that Lenovo (or Microsoft) will do something else incredibly stupid that compromises their customer's security in the future.
